5 Million Xiaomi, Oppo, Vivo Phones Found To Be Infected With Hidden Pre-Installed Malware

Your phone isn’t only infected with malware when you visit shady sites or download suspicious files — it can also already contain malware when you first take it out of the box.

Researchers at Check Point have discovered that 5 million Android phones came pre-installed with hidden malware. These phones were from prominent Chinese brands, including Honor, Huawei, Xiaomi, Vivo, LeEco, Gionee and Coolpad, among others. The malware disguises itself as a Wi-Fi service on the phone and silently shows ads, while also communicating with a central command-and-control server. As many as 49% of the infected phones that were found passed through a single Hangzhou-based mobile phone supply chain distributor called Tian Pai.


The researchers have dubbed the malware RottenSys, which has reportedly been propagating since September 2016. The malware cleverly hides itself by doing nothing at first. After a latent period, it quietly contacts its command-and-control servers and downloads further code onto the phone. The malware also asks for as many as 79 Android permissions, including a silent download permission, which allows it to download additional code onto phones without their users’ knowledge.


The most obvious ill-effect of RottenSys is the advertisements that it starts throwing up on the phones it’s on. Researchers concluded that over a period of 10 days the malware made as much as $115,000 (Rs. 75 lakh) from advertisements. Given that the malware has been operational for over a year, its writers have potentially made millions just through ads.

The researchers said that while money might’ve been a nice byproduct for the hackers, it’s possible that they were up to something more sinister. Since last month, the attackers behind the malware have been downloading more code onto phones, essentially creating a large, connected botnet. This would allow the malware to silently install more apps and even remotely control devices.

It’s unclear what the geographical spread of the malware was, but Chinese phone brands are now hugely popular in India. Chinese companies now account for over 50% of all phones sold in the country, and Xiaomi, one of the affected brands, has just become India’s largest-selling smartphone company.

And reports of Chinese phones coming pre-loaded with malware would make both citizens and governments jittery — the Indian army already has directives in place against letting soldiers use Chinese phones in a personal capacity, and with phones containing the innermost details of their users’ personal lives, including photos and chats, users too are likely to be concerned about unauthorized apps on their devices. The entire privacy debate in recent years has centered on Aadhaar, which is ultimately run by a government that citizens themselves elect. The real dangers, though, might be coming from locations they have no jurisdiction over.

To check if your phone has been infected, go to System settings -> App Manager and look for the following packages. If found, you can delete them to remove the malware.

  • com.android.yellowcalendarz (每日黄历)
  • com.changmi.launcher (畅米桌面)
  • com.android.services.securewifi (系统WIFI服务)
  • com.system.service.zdsgt
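
For anyone checking more than one handset, the same check can be run from a computer over ADB instead of tapping through App Manager. The script below is an added example, not part of the article or Check Point’s research: it compares the output of `pm list packages` against the four package names listed above and reports any hit. The device listing it runs on here is a constructed sample, not a real dump.

```shell
#!/bin/sh
# Package names reported for RottenSys (taken from the list above).
ROTTENSYS_PACKAGES="com.android.yellowcalendarz
com.changmi.launcher
com.android.services.securewifi
com.system.service.zdsgt"

# rottensys_scan: reads 'pm list packages' output on stdin, one line per
# app in the form "package:<name>", and prints each package whose name
# exactly matches an entry in ROTTENSYS_PACKAGES.
# Exit status is 0 when at least one match was found, 1 when the listing is clean.
rottensys_scan() {
    found=1
    while IFS= read -r line; do
        pkg=${line#package:}          # strip the "package:" prefix
        for bad in $ROTTENSYS_PACKAGES; do
            if [ "$pkg" = "$bad" ]; then
                echo "$pkg"
                found=0
            fi
        done
    done
    return $found
}

# Constructed sample listing (not from a real device) so the script runs offline.
SAMPLE_LISTING="package:com.android.settings
package:com.android.services.securewifi
package:com.google.android.gms
package:com.system.service.zdsgt"

# Against a real device, pipe the live listing in instead (tr strips the
# carriage returns adb adds on some hosts):
#   adb shell pm list packages | tr -d '\r' | rottensys_scan
printf '%s\n' "$SAMPLE_LISTING" | rottensys_scan
```

A hit only tells you the package is present; the article's removal step (deleting the app from App Manager) still applies, and a package with the same name could in principle come from a different, legitimate source, so confirm before acting.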